There is a delay in delivering emails announcing today's advisories due to the drupal.org data center migration. See drupal.community/@drupalinfra... for more details.
OpenID Connect / OAuth client - Less critical - Access bypass - SA-CONTRIB-2026-027
OpenID Connect / OAuth client - Moderately critical - Access bypass - SA-CONTRIB-2026-026
OpenID Connect / OAuth client - Moderately critical - Server-side request forgery, Information disclosure - SA-CONTRIB-2026-025
Google Analytics GA4 - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-024
Calculation Fields - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-023
AJAX Dashboard - Critical - Access bypass - SA-CONTRIB-2026-022
File Access Fix (deprecated) - Moderately critical - Access bypass - SA-CONTRIB-2026-021
File Access Fix (deprecated) - Moderately critical - Access bypass - SA-CONTRIB-2026-020
Responsive Favicons - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-019
SAML SSO - Service Provider - Critical - Cross-site scripting - SA-CONTRIB-2026-018
Drupal Canvas - Moderately critical - Server-side request forgery, Information disclosure - SA-CONTRIB-2026-017
Islandora - Moderately critical - Arbitrary file upload, Cross-site scripting - SA-CONTRIB-2026-016
CAPTCHA - Moderately critical - Access bypass - SA-CONTRIB-2026-015
Anti-Spam by CleanTalk - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-014
Tagify - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-013
Theme Negotiation by Rules - Moderately critical - Cross-site request forgery - SA-CONTRIB-2026-012
Material Icons - Moderately critical - Access bypass - SA-CONTRIB-2026-011
UI Icons - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-010
Quick Edit - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-009
Login Disable - Less critical - Access bypass - SA-CONTRIB-2026-008
Central Authentication System (CAS) Server - Less critical - XML Element Injection - SA-CONTRIB-2026-007
Drupal Canvas - Moderately critical - Access bypass - SA-CONTRIB-2026-006
Happy 25th anniversary to Drupal. I build it w/ many of you & loved every minute. In honor, I present weitzman.github.io/drupal25-tim...
@klau.si @gknaddison.bsky.social @walkah.social @ksenzee.bsky.social @outlandishjosh.bsky.social @webchick.bsky.social @quicksketch.org @merlinofchaos.bsky.social
Happy anniversary! From the timeline on August 1, 2005:
Drupal security team is formed
This volunteer team is first led by chx. The team dutifully protects Drupal core and all the contrib modules that opt into its coverage. Future leaders would be Heine, greggles, and mlhess.
Microsoft Entra ID SSO Login - Critical - Access bypass - SA-CONTRIB-2026-005
AT Internet Piano Analytics - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-004
AT Internet SmartTag - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-003
Role Delegation - Moderately critical - Access bypass - SA-CONTRIB-2026-002
Group invite - Moderately critical - Access bypass - SA-CONTRIB-2026-001